Iptables et samba ?

Marsh Posté le 25-10-2003 à 03:22:53

J'ai ouvert les port 1337 à 139 et je n'arrive pas à acceder à mes partage samba.. Que manque t'il donc ?

iptables -A INPUT -p tcp --dport 137:139 -s 192.168.0.0:255.255.255.0 -j ACCEPT
iptable -A OUTPUT -p tcp --sport 137:139 -d 192.168.0.0:255.255.255.0 -j ACCEPT

:??:

Reply

Marsh Posté le 25-10-2003 à 03:22:53

Reply

Marsh Posté le 25-10-2003 à 03:23:59

137-138 en udp mais pas tcp
139 tcp seulement

Reply

Marsh Posté le 25-10-2003 à 03:24:23

a ok merci

Reply

Marsh Posté le 25-10-2003 à 03:24:53

rapidité et efficacité :jap:

Reply

Marsh Posté le 25-10-2003 à 12:38:27

:jap:

Reply

Marsh Posté le 25-10-2003 à 20:45:46

vous pouvez m'epliquez comment faire
parce qu'avec l'utilitaire de mdk j'autorise ces ports mais rien a faire, ca veut pas...

Reply

Marsh Posté le 25-10-2003 à 20:53:32

tu tape dans une console:

iptables -A INPUT -p udp --dport 137:138 -s ipdelordikidoitacceder -j ACCEPT

iptables -A OUTPUT -p udp --sport 137:138 -d ipdelordikidoitacceder -j ACCEPT

iptables -A INPUT -p tcp --dport 139 -s ipdelordikidoitacceder -j ACCEPT

iptables -A OUTPUT -p tcp --sport 139 -d ipdelordikidoitacceder -j ACCEPT

Voila tu dois respecter la casse. Dis moi si ca marceh (car j'ai pas eu le temps de tester mon serveur est en derangement). Et ca na reste pas si tu redemarre la machine. Il te faut fer un script pour automatiser la mise en place de ces regles au demarrage (mais là je ne me susi pas encore renseigné, je cherche déjè les bonne règles)

Reply

Marsh Posté le 25-10-2003 à 20:57:26

ca marche pas

Reply

Marsh Posté le 25-10-2003 à 20:57:52

j'ai trouvé un script j'essaie ca
http://docs.mandragor.org/files/Op [...] ewall.html

Reply

Marsh Posté le 25-10-2003 à 20:58:23

fe voir un iptables -L et donne le resultat

Reply

Marsh Posté le 25-10-2003 à 20:58:23

Reply

Marsh Posté le 25-10-2003 à 21:00:34

c est ca qui nous interresse:
# J'autorise les connexions TCP et UDP entrantes sur le port 139
# mais uniquement sur l'interface "eth1"
# (pour que mon serveur Samba soit joignable depuis mon LAN seulement)
iptables -A INPUT -p tcp --dport 139 -i eth1 -j ACCEPT
iptables -A INPUT -p udp --dport 139 -i eth1 -j ACCEPT

il a pas l air d avoir autotriser les ports 137 et 138 :??:

Reply

Marsh Posté le 25-10-2003 à 21:01:34

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ppp_in all -- anywhere anywhere
eth0_in all -- anywhere anywhere
common all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:INPUT:REJECT:'
reject all -- anywhere anywhere
ACCEPT udp -- 192.168.0.1 anywhere udp dpts:netbios-ns:netbios-dgm
ACCEPT tcp -- 192.168.0.1 anywhere tcp dpt:netbios-ssn

Chain FORWARD (policy DROP)
target prot opt source destination
ppp_fwd all -- anywhere anywhere
eth0_fwd all -- anywhere anywhere
common all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:FORWARD:REJECT:'
reject all -- anywhere anywhere

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
fw2net all -- anywhere anywhere
fw2masq all -- anywhere anywhere
common all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:OUTPUT:REJECT:'
reject all -- anywhere anywhere
ACCEPT udp -- anywhere 192.168.0.1 udp spts:netbios-ns:netbios-dgm
ACCEPT tcp -- anywhere 192.168.0.1 tcp spt:netbios-ssn

Chain all2all (3 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
common all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:all2all:REJECT:'
reject all -- anywhere anywhere

Chain common (5 references)
target prot opt source destination
icmpdef icmp -- anywhere anywhere
DROP tcp -- anywhere anywhere state INVALID
REJECT udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:microsoft-ds reject-with icmp-port-unreachable
reject tcp -- anywhere anywhere tcp dpt:135
DROP udp -- anywhere anywhere udp dpt:1900
DROP all -- anywhere 255.255.255.255
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/4
reject tcp -- anywhere anywhere tcp dpt:auth
DROP all -- anywhere 192.168.0.255

Chain dynamic (4 references)
target prot opt source destination

Chain eth0_fwd (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere
masq2net all -- anywhere anywhere

Chain eth0_in (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere
masq2fw all -- anywhere anywhere

Chain fw2masq (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ipp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:printer
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-ns
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-ssn
ACCEPT udp -- anywhere anywhere state NEW udp dpt:ipp
ACCEPT udp -- anywhere anywhere state NEW udp dpt:printer
ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-ns
ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-dgm
ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-ssn
all2all all -- anywhere anywhere

Chain fw2net (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT all -- anywhere anywhere

Chain icmpdef (1 references)
target prot opt source destination

Chain loc2fw (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain
ACCEPT udp -- anywhere anywhere state NEW udp dpt:3853
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp-data
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop2
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imap
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:4662
all2all all -- anywhere anywhere

Chain loc2net (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT all -- anywhere anywhere

Chain masq2fw (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain
ACCEPT udp -- anywhere anywhere state NEW udp dpt:3853
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp-data
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop2
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imap
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:4662
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:bootps
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ipp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imap
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:nntp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ntp
ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain
ACCEPT udp -- anywhere anywhere state NEW udp dpt:bootps
ACCEPT udp -- anywhere anywhere state NEW udp dpt:http
ACCEPT udp -- anywhere anywhere state NEW udp dpt:https
ACCEPT udp -- anywhere anywhere state NEW udp dpt:ipp
ACCEPT udp -- anywhere anywhere state NEW udp dpt:imap
ACCEPT udp -- anywhere anywhere state NEW udp dpt:pop3
ACCEPT udp -- anywhere anywhere state NEW udp dpt:smtp
ACCEPT udp -- anywhere anywhere state NEW udp dpt:nntp
ACCEPT udp -- anywhere anywhere state NEW udp dpt:ntp
all2all all -- anywhere anywhere

Chain masq2net (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT all -- anywhere anywhere

Chain net2all (3 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
common all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:net2all:DROP:'
DROP all -- anywhere anywhere

Chain net2fw (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain
ACCEPT udp -- anywhere anywhere state NEW udp dpt:3853
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp-data
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop2
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imap
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:4662
net2all all -- anywhere anywhere

Chain newnotsyn (9 references)
target prot opt source destination
DROP all -- anywhere anywhere

Chain ppp_fwd (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere
net2all all -- anywhere anywhere
net2all all -- anywhere anywhere

Chain ppp_in (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere
net2fw all -- anywhere anywhere

Chain reject (6 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain shorewall (0 references)
target prot opt source destination

Reply

Marsh Posté le 25-10-2003 à 21:02:09

ouais je comptais modifier ca

Reply

Marsh Posté le 25-10-2003 à 21:09:53

bonne nouvelle, j'arrive a pinger le pc linux depuis windows

mais j'arrive toujours pas a faire marcher samba, ce n'est pas possible de deactiver le frewall pour le reseau local?

Message édité par dRfELL le 25-10-2003 à 21:20:26

Reply

Marsh Posté le 25-10-2003 à 21:20:44

Tu peux le voir comme une movaise ou une bonen nouvelel ca

Reply

Marsh Posté le 25-10-2003 à 21:21:27

Tu as combien d interface reso ?

Reply

Marsh Posté le 25-10-2003 à 21:26:05

eth0 pour la carte reseau, et ppp0 pour le ST usb

Reply

Marsh Posté le 25-10-2003 à 21:28:37

bon j'abandonne pour ce soir j'en ai marre je remet mon modem sous windows !
jeverrai ca demain

Reply

Marsh Posté le 25-10-2003 à 22:30:08

ben tu ouvre au nivo de l eth0 et tu ferme de l autre coté totu simplement

Bon kk un a des infos serieuse sur le partage samba car moi je peux pas tester là

Reply

Iptables et samba ?

Sujets relatifs:

Leave a Replay